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1 EP 0 956 

Description 

Field of the Invention 

[0001] The present invention relates to smart card se- 5 
curity and more particularly to a system and method of 
biometric authentication of a smart card user. 

Background 

10 

[0002] Authentication is the process by which an en- 
tity, such as a financial institution or bank or other type 
of institution, identifies and verifies its customers or us- 
ers to itself and itself to its customers or users. Authen- 
tication includes the use of physical objects, such as 15 
cards and/or keys, shared secrets, such as personal 
identification numbers (PIN's) and/or passwords, and 
biometric technologies, such as voice prints, photos, 
signatures and/or fingerprints. Biometric tasks Include, 
for example, an identification task and a verification 20 
task. The verification task determines whether or not the 
individual claiming an identity is the individual whose 
identity is being claimed. The identification task deter- 
mines whether the biometric signal, such as a finger- 
print, matches that of someone already enrolled in the 25 
system. 

[0003] Typically, biometric systems have a common 
methodology, regardless of their modality, such as fin- 
gerprint, face, voice, or the like. A person enrolls by do- 
nating some number of samples of the biometric. From 30 
these samples, the biometric system creates a model of 
the particular individual's patterns, which is referred to 
as a template. When the person attempts to access the 
system, the application collects new data. In a verifica- 
tion application, the Individual claims an identity, and the 35 
application retrieves the individual's model from a data- 
base and compares the new signal to the retrieved mod- 
el. The result of this comparison is a match score, which 
indicates how well the new signal matches the template. 
The application then compares the match score ob- 40 
tained with a pre-defined threshold and decides whether 
to allow or deny access to the individual or, for example, 
to ask the individual for more data. 
[0004] Various authentication parameters are used by 
security systems to verify a valid cardholder and to grant 45 
the cardholder access to a secured resource. Informa- 
tion parameters, such as PIN's, can be readily read and 
processed by a card reader according to a system ver- 
ificatton algorithm. However, Information can be com- 
promised, so that many authentication systems also re- so 
quire person-unique biometric parameters, such as fin- 
gerprints, or retinal images. In such authentication sys- 
tems, cardholder bio-specimens are stored in digital for- 
mat in the system computer. During authentication the 
system obtains the infomnation parameters, for exam- 55 
pie, from the card, and the biometric parameters from 
the person and matches both to the system-stored val- 
ues. For a fingerprint, for example, there are fourteen 
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points and interpoint distances that the biometric reader 
compares and, depending on the match score, grants 
or denies access. 

[0005] The required match score is a function of a pre- 
selected security level and is set by the application de- 
signer. However, the image acquisition tolerances, as 
well as changes in the person's biometric parameter, 
such as a finger cut on the referenced fingerprint, cause 
false acceptances, such as accepting an impostor 
(False Accept or FA), and false rejections, such as re- 
jecting a valid user (False Reject or FR). Manufacturers 
of biometric readers or application developers provide 
performance histograms, which are distributions of the 
empirical number of valid acceptances and valid rejec- 
tions provided by the reader. To the extent the distribu- 
tions overlap, there are regions of false rejections of val- 
id users or FR and fa\se acceptance of impostors or FA. 
In setting the system parameters, applrcatbn designers 
attempt to set a threshold authentication match score 
which balances these tolerances against efficiency for 
a given application. 

[0006] The selected threshold match score is based 
on the desired probability of occurrence or non-occur- 
rence of a FA and/or FR, and the perfonnance histo- 
grams quantify the probability of occurrence of FA and 
FR. These probabilities are inverse, in that by increasing 
the threshold score to reduce the Probability of FA or P 
(FA), the Probability of FR or P(FR) is Increased. Con- 
versely, decreasing the threshold to reduce the Proba- 
bility of FR or P(FR) increases the Probability of FA or 
P(FA). 

[0007] In a given application the selected threshold is 
coded Into the reader software, and system perform- 
ance Is observed. If actual system efficiency is unac- 
ceptable due to a False Reject Rate (FRR) that is too 
high, the threshold score is reduced, and if unaccepta- 
ble due to a False Accept Rate (FAR) that is too high, 
the threshold is increased. Each time the threshold 
score changes, it must be receded Into the reader sys- 
tem software. Similarly, with each new reader model or 
new release, the threshold score must be changed in 
accordance with the new model histograms and possi- 
bly changed again following actual performance evalu- 
ation. Each re-codIng of the threshold match score gen- 
erally requires a new system software release, together 
with the time and labor required to install the new soft- 
ware. 

[0008] EP-A-0 61 2 035 and GB-A-2 237 672 disclose 
a method of the kind referred to in the preamble of claim 
1 of authenticating a smart card user at a reader device. 
EP-A-0 612 035 also discloses a system of authenticat- 
ing a user at a reader device, which system is of the kind 
referred to in the preamble of claim 27. 

SUMMARY OF THE INVENTION 

[0009] It is a feature and advantage of the present in- 
vention to provide a system and method of biometric 
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smart card user authentication which automatically ad- 
justs the probability of occurrence or non-occurrence of 
false acceptance of an Impostor and false rejection of a 
valid user without the necessity of reprogramming the 
reader system software. 5 
[0010] It is a further feature and advantage of the 
present Invention of provide a system and method of bi- 
ometric smart card user authentication in which the per- 
formance of the biometric technology is independent of 
where the system positions the threshold for false ac- io 
ceptance and false rejection. 
[0011] It is another feature and advantage of the 
present invention to provide a system and method of bi- 
ometric smart card user authentication which makes the 
card application more secure, thereby reducing the risk 15 
of fraudulent or unauthorized use and allowing for high- 
er-value applications 

[0012] It is an additional feature and advantage of the 

present invention to provide a system and method of bi- 
ometric smart card user authentication which simplifies 20 
application design requirements by putting the user's bi- 
ometric template on the card, thereby eliminating or 
greatly reducing network traffic. 
[0013] it is still another feature and advantage of the 
present invention to provide a system and method of bi- 25 
ometric smart card user authentication which enhances 
security and privacy by eliminating the necessity of 
transmitting the user's biometric template around to dif- 
ferent locations where it is needed. 
[0014] It is a still further feature and advantage of the 30 
present invention to provide a system and method of bi- 
ometric smart card user authentication which allows ap- 
plication designers to set operating thresholds as tightly 
or as loosely as is appropriate for the particular risk in- 
volved. 35 
[0015] It is also a feature and advantage of the 
present invention to provide a system and method of bi- 
ometric smart card user authentication with a flexible ar- 
chitecture format for storing biometrics on the smart 
card that is independent of application or biometric ^0 
methodology or vendor. 

[0016] It is still an additional feature and advantage of 
the present invention to provide a system and method 
of biometric smart card user authentication which sup- 
ports different methods, vendors, and releases, and al- 
lows for flexibility of application deployment. 
[0017] It is another feature and advantage of the 
present invention to provide a system and method of bi- 
ometric smart card user authentication in which the user 
is automatically authenticated by an application on the so 
smart card. 

[001 8] It is an additional feature and advantage of the 
present invention to provide a method and system of bi- 
ometric smart card user authentication in which the cus- 
tomer's use of the smart card in a transaction ties the ss 
customer undeniably to the transaction and make the 
transaction non-reputiatable. 
[0019] To achieve the stated and other features, ad- 
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vantages and objects of the present invention, the sys- 
tem and method for authenticating a smart card user at 
a reader device of an embodiment of the present inven- 
tion includes storing information fields for the user on 
the smart card relating to biometric information for the 
user, also refen'ed to as a biometric template. The bio- 
metric template includes at least one model of btometric 
patterns for the user, such as the user's voice print, pho- 
tograph, signature, fingerprint, hand geometry, retinal 
image or iris scan. The infomiation fields also include a 
table of pre-defined probability of occurrence values for 
user authentication, as well as personal data for the us- 
er, identification of a biometric system, and a hashed 
data field. The infonmation fields are stored in an appli- 
cation on a microprocessor of the smart card. 
[0020] In an embodiment of the present invention, 
storing the information fields relating to the table of pre- 
defined probability of occurrence values involves auto- 
matically assigning a probability of occurrence value to 
each of a plurality of pre-defined threshold match 
scores, which are automatically identified for each of a 
plurality of value ranges of biometric reader device 
match scores. Identifying the threshold match scores in- 
voh^es automatically tabulating a performance histo- 
gram distribution of biometric reader device match 
scores for false acceptance of an impostor and false re- 
jection of a valid user into a plurality of value ranges. 
Tabulating the performance histogram distribution in- 
volves automatically quantifying the perfonmance histo- 
gram into discrete levels of biometric reader device 
match scores and automatically assigning the probabil- 
ity of occun'ence value for each of the discrete levels of 
the biometric reader device match scores. 
[0021 ] In an embodiment of the present invention, the 
smart card, together with a biometric sample for the us- 
er, are presented to the reader device, which is device 
match scores and automatically assigning the probabil- 
ity of occun'ence value for each of the discrete levels of 
the biometric reader device match scores. 
[0022] In an embodiment of the present invention, the 
smart card, together with a biometric sample for the us- 
er, are presented to the reader device, which is associ- 
ated with a terminal, such as at least one of an area 
access terminal, a computer network terminal, a com- 
puter access terminal, a stored value terminal, a mone- 
tary access terminal, a PBX terminal, a long distance 
terminal, a personal computer, a laptop computer, a per- 
sonal digital assistant, a public intemet terminal, and an 
automated teller machine. The presented biometric 
sample is. for example, at least one of a voice print, pho- 
tograph, signature, fingerprint, hand geometry, retinal 
image, and an iris scan 

[0023] in an embodiment of the present invention, the 
user is automatically authenticated by the reader device 
based at least in part on a match level between the 
stored biometric information and the presented biomet- 
ric sample according to a desired probability of occur- 
rence value from the stored table. The desired probabil- 
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ity of occurrence value is pre-selected by pre-defining a 
desired probability of occurrence value for false accept- 
ance of an impostor and false rejection of a valid user 
and pre-defining an instruction set which directs the 
reader device to look to the stored table of probability of 
occurrence values for a false acceptance of an impostor 
and false rejection of a valid user threshold match score 
corresponding to the desired probability of occurrence 
value. The user authentication is performed by an ap- 
plication associated with the reader device and residing 
on the reader device and/or the terminal. 
[0024] Alternatively, in an embodiment of the present 
invention, in order to provide enhanced security, the us- 
er is automatically authenticated by an application on 
the smart card. For example, the reader device reads 
the presented biometric sample and automatically 
presents what is read by the reader device to the smart 
card application. The smart card application then au- 
thenticates the user according to the threshold match 
score from the table on the smart card application that 
corresponds to the desired probability of occurrence val- 
ue. 

[0025] Additional objects, advantages and novel fea- 
tures of the present invention will be set forth in part in 
the description which follows, and in part will become 
more apparent to those skilled in the art upon examina- 
tion of the following or may be learned by practice of the 
Invention. 

Brief Description of the Drawings 
[0026] 

Fig. 1 is a table which illustrates examples of types 
of data used in measuring biometrics performance 
for an embodiment of the present Invention: 
Fig. 2 shows a sample biometric reader device per- 
formance histogram for an embodiment of the 
present invention; 

Fig. 3 is a table which illustrates four possible out- 
comes of a single biometric reader device trial for 
an embodiment of the present invention; 
Fig. 4 is a diagram which illustrates an example of 
a receiver operating characteristic (ROC) curve for 
an embodiment of the present invention; 
Fig. 5 is a flow chart which shows somewhat sche- 
matically an overview of the key components and 
the flow of information between the key compo- 
nents for an embodiment of the present invention; 
Fig. 6 is a table which illustrates examples of the 
type of data stored on the smart card for an embod- 
iment of the present invention; 
Fig. 7 is a table which shows a sample probability 
look-up table for an embodiment of the present in- 
vention; and 

Fig. 8 is a flow chart which provides further detail 
regarding the process of authenticating a user 
through match scoring of a sample biometric ob- 



tained from the user by a biometric reader device 
for an embodiment of the present invention. 

Detailed Description 

5 

[0027] Refemng now in detail to an embodiment of the 
present invention, an example of which is illustrated in 
the accompanying drawings, a number of methods can 
be used to quantitatively measure biometrics perform- 

10 ance. Fig. 1 is a table which illustrates examples of types 
of data used in measuring biometrics performance for 
an embodiment of the present invention. The types of 
data include, for example, performance histogram 2, 
False Accept Rate (FAR) and False Reject Rate (FRR) 

15 4. Equal En"or Rate (EER) 6, Failure to Acquire (FTA) 8, 
and "d*" and Receiver Operating Characteristic (ROC) 
plots 10. 

[0028] A basic way to look at data for quantitatively 
measuring the performance of biometrics is to Inspect 

20 the performance histogram 2. Each time a trial is per- 
formed, the system returns a match score which is plot- 
ted in the histogram 2. Fig. 2 illustrates a sample bk>- 
metric reader device performance histogram for an em- 
bodiment of the present Invention. The histogram 2 has 

25 the match score 12 on the x-axis 14, from low scores 16 
toward the left side of the histogram to high scores 18 
toward the right side of the histogram. The number of 
cases attempted 20 is shown on the y-axis 22 of the his- 
togram 2. Valid users 24 have higher match scores 18 

30 and are shown on the right side of the histogram 2. Dis- 
tributions vary from device to device, but are commonly 
normally distributed as bell curves 26 and 28. Impostors 
30 have lower scores 16 and are shown on the left side 
of the histogram 2. Note also that there are usually fewer 

35 Impostors 30 than valid users 24. 

[0029] Refemng further to Fig. 2. the vertical line on 
the histogram, which separates the two distributions of 
scores 26, 28, is known as the threshold 32. If a user 
scores higher than the threshold 32, the user is accept- 

40 ed, but if the user scores lower than the threshold, the 
user Is rejected. There are four possible outcomes of a 
single trial. Fig. 3 is a table with illustrates the four pos- 
sible outcomes of a single biometric reader device trial 
for an embodiment of the present invention. The four 

45 possible outcomes include, for example, Conrect Accept 
34 of a customer, Correct Reject 36 of an impostor, 
False Accept or FA 38 of an impostor, and False Reject 
or FR 40 of a customer. The percentage of cases in the 
False Accept or FA 38 outcome is called the False Ac- 

50 cept Rate (FAR), and the percentage of cases in the 
False Reject or FR 40 outcome is called the False Reject 
Rate (FRR). 

[0030] Referring again to Fig. 2, if the threshold 32 is 
repositioned toward the left side of the histogram 2. few- 
55 er FR's 40 occur, but more FA's 38 occur. If the threshold 
32 is repositioned toward the right side of the histogram 
2, more FR's 40 occur, but fewer FA's 38 occur. This is 
the essential tradeoff made in the context of an applica- 
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tion for an embodiment of the present invention. An Im- 
portant aspect of an embodiment of the present inven- 
tion is that the system and method of the present inven- 
tion automaticaliy moves the threshold, and the per- 
formance of the biometric technology is independent of 
where the application positions the threshold 32. 
[0031] The system and method for an embodiment of 
the present invention moves the threshold 32 according 
to the objectives of greater security or rejecting fewer 
customers. Referring likewise to Fig. 2, if the objective 
is greater security, the threshold 32 is moved to a higher 
position. If the objective is to reject fewer customers, the 
threshold 32 is moved to a lower position. Therefore, 
comparing a system which has. for example, a stated 
performance level of 1 percent FAR and 1 0 percent FRR 
with another system that has, for example, a perform- 
ance level of 2 percent FAR and 8 percent FRR is anal- 
ogous to comparing apples with oranges. 
[0032] Different organizational constituencies typical- 
ly have different perspectives of the FRR and FAR. For 
example, a security professional may prefer to know 
what the FRR will be if the FAR is set to 0 percent, while 
a marketing professional may wish to know what the 
FAR will be if the FRR is set to 0 percent. The number 
that is disposed in the middle is the Equal Error Rate 
(ERR). To address the aspect of movable thresholds, 
another method of quoting performance is the EER. Re- 
femng further to Fig. 2, to find the EER, the threshold 
32 is set so that the percentage of FAR equals the per- 
centage of FRR, and the overall error is calculated. For 
example, if the threshold 32 is set so that 5 percent of 
valid users 24 are rejected and 5 percent of impostors 
30 are accepted, the overall EER is 5 percent. This is 
the outcomes table of a 5 percent EER. 
[0033] Another measure of biometrics performance is 
called Failure to Acquire (FTA) 8, which is the failure of 
the system to find a signal to analyze. For example, in 
the fingerprint area, this is known as the 'presentation 
problem.' If a user does not place the user's finger on 
the scanner with the right orientation, or if the user 
moves the user's finger while the system is scanning, 
the resulting Image cannot be processed. Likewise, in 
a speech system, if the user does not speak loudly 
enough, or if there is line noise or a bad connection, the 
system can fail to find the words. In a face verification 
system, the system may not be able to find a head in 
the proper frame it expects, and hence fails to acquire 
the photo. FTA 8 is often a result of human factor prob- 
lems, mainly due to the amount of training a user may 
have or the amount of work a user must do to make the 
biometric work. 

[0034] A numerical description of the degree of sep- 
aration of two distributions, such as the scores of the 
valid users 24 and the scores of the impostors 30, known 
as "d*." is available from statistical deciston and signal 
detection theory, and is related to the Neyman-Pearson 
equations describing distributions. It is defined accord- 
ing to the equation: 



d' = {m2 - m1)/sqrt [sdl^ + sd2^)/2] 



in which "d'" is equal to the difference between the 
5 means of the distributions divided by the square root of 
the average of the squares of the standard deviations 
of the distributions. 

[0035] Fig. 4 is a diagram which illustrates an example 
of a receiver operating characteristic (ROC) curve 42 for 
10 an embodiment of the present invention. Referring to 
Fig. 4, the Probability of False Reject or P(FR) 44 is plot- 
ted on the y-axis 46, and the Probability of False Accept- 
ance or P{FA)) 48 is plotted on the x-axis 50. As previ- 
ously mentioned, there is a tradeoff by moving the 
IS threshold, for example, higher and rejecting more valid 
users 23 but also keeping out more impostors 30. This 
tradeoff Is shown as the ROC curve 42. In the ROC 
curve 42, points near the origin (0, 0) 52 represent op- 
erating the biometric with some FA 38 and FR 40, 
20 whereas points at the ends of the line represent thresh- 
olds which are set very high or very low. For example, 
the threshold can be set high, such that P(FA) 48 is low 
and P(FR) 44 is high, or the threshold can be set low, 
such that P(FA) 48 is high while P(FR) 44 is low. 
25 [0036] Fig. 5 is a flow chart which shows somewhat 
schematically the key components and the flow of infor- 
mation between the key components for an embodiment 
of the present invention. Referring to Fig. 5, the system 
and method for biometric authentication of a smart card 
30 user 54 for an embodiment of the present invention in- 
volves storing certain infomiation fields 56 In an appli- 
cation 58 on a microprocessor 60 embedded In the 
smart card 62, along with a biometric sample 64 itself. 
The information fields 56 include system identification 
35 and personal data, as well as a hashed data field, which 
is decoded by the system during the authentication 
process to certify the integrity of the information param- 
eters. 

[0037] Refemng further to Fig. 5. additionally, the ap- 
<o plication 58 on the smart card 62 includes a probability 
look-up table 66 which quantifies a reader device per- 
fonmance histogram distribution into discrete levels of 
match score 12 and assigns a corresponding probability 
factor to each level for both false acceptances of impos- 
-^5 tors 30 and false rejections of valid users 24. The system 
reader device 68 is programmed with a desired Proba- 
bility of False Acceptances or P(FA)'s 48 and False Re- 
jections or P{FR)'s 44. The system reader 68 Is also pro- 
grammed with an instruction routine that tells the system 
50 signal processor to look to the probability look-up table 
66 on the card 62 to determine the false acceptances 
or false rejections threshold match score corresponding 
to the desired probability factor, to be used for authen- 
tication. 

55 [0038] An embodiment of the present invention pro- 
vides an architecture which allows flexibility in applica- 
tion design. Since application requirements vary in 
terms of risk, user populations, channel properties and 
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cost, the system and method for an embodiment of the 
present invention supports a wide range of these prop- 
erties. Blometric technology provides a type of security 
that Is quatitatrvely different from that provided by tol^en- 
based methods and information based methods. Tol^en 
based methods make use of something that a user has. 
such as the card itself, and information-based methods 
utilize something that the user knows, such as a PIN or 
password. Biometric technology for an embodiment of 
the present invention can be used in addition to these 
other methods or by itself, 

[0039] In embodiment of the present invention, the 
use of blometric technology In conjunction with the 
smart card 62 makes the card application 58 more se- 
cure, thereby reducing the risk of fraudulent or unau- 
thorized use. This allows for the implementation of high- 
er-valued applications. Further, such use of biometric 
technology provides for non-repudlatlon of a transaction 
by the user 54 using the user's smart card 62, so the 
user cannot deny a transaction performed by the user 
with the smart card. In other words, use of blometric 
technology In conjunction with the smart card 62 unde- 
niably ties the user 54 to use of the smart card by the 
user. In addition, by putting the biometric template 64 
on the card 62, application design requirements are sim- 
plified, since network traffic is eliminated or greatly re- 
duced. This also enhances security and privacy, since 
it is unnecessary to transmit the template 64 around to 
different locations where it Is needed. 
[0040] The system and method for an embodiment of 
the present invention has numerous applications, such 
as secure area access, computer network and computer 
access, stored value or other monetary access, PBX 
and long distance access. Each of such applications has 
different requirements in tenms of risk, environment, us- 
er, channel and cost, in terms of risk, a transaction 
which, for example, transfers a million dollars to a num- 
bered Swiss bank account has a higher risk than one 
which simply returns a user's bank account balance. 
Gaining access, for example, to a nuclear weapons fa- 
cility or to war plans or lists of secret agents cames a 
greater risk than gaining access to an officer's club or 
DISNEY WORLD. An objective of the application de- 
signer is to set application operating thresholds as tight- 
ly or as k)osely as is appropriate for the particular risk 
involved. 

[0041] In terms of environment, an office environment 
Is different, for example, from an outdoor setting in a 
public space or a freezing border crossing station. While 
a face verification system worics well, for example. In an 
office environment, it may not work in a public space 
where the lighting and background Is uncontrolled. Like- 
wise, a hand geometry unit will not work well at the freez- 
ing border station, unless heated in some way, but a 
speaker verification system may work. In regard to the 
user, If a user uses a particular system frequently, the 
user soon becomes habituated to the system. Since hu- 
man factors are an important part of overall system per- 



formance, a habituated user typically obtains better sys- 
tem perfonmance than an unhabituated user on any giv- 
en biometric. Some biometric methods are easier to 
learn and faster to use than others, so the type of user 
s that Is anticipated is an important factor in the selection 
and deployment of a biometric. 
[0042] In terms of channel, some biometrics are more 
appropriate than others, depending on the channel of 
use. For example, for long distance or cell phone ac- 
10 cess, speaker verification Is more natural and efficient 
than, for example, fingerprinting. Secure area access 
method choice depends on the environment, but signa- 
ture verification may be more difficult than a camera 
based method, given the fact that the user may be car- 
15 rying packages or the like and standing, or the user may 
be in a wheelchair. However, for a point of sale terminal, 
if a signature Is required in a credit card transaction an- 
yway, and if the merchant is moving to a paper-less busi- 
ness and the tenninal has a pressure sensitive tablet for 
20 signature capture, then signature verification may be the 
most appropriate biometric method. 
[0043] Other channels include, for example, the per- 
sonal computer (PC) at home. Since many people only 
have one phone line into their home, deploying voice 
25 authentication may be cumbersome. However, a less 
cumbersome method may be a camera based method, 
since people may have cameras for other purposes, 
such as video teleconferencing. Other channels include, 
for example, laptop, personal digital assistant (PDA), 
30 public internet tenninals, automated teller machines 
(ATM's). vehicles, and the like. 
[0044] In temis of cost, there are a number of deter- 
minants of cost of a biometric, including the cost of en- 
rollment, such as workstations, user time and monitor- 
's ing, if supervised. Other cost factors include, for exam- 
ple, the cost of an access trial, such as user time, hard- 
ware and software and operations costs amortized over 
the number of verifications in the expected duratk>n of 
the system, and the cost of storing the templates, such 
40 as the size of the template divided by cost of storage. 
To illustrate an example of the range of costs, a speaker 
verification system can be deployed for a telephone net- 
wort( that costs approximately $5,000 per channel for a 
processor capable of performing up to 5 verifications a 
45 minute. If the system performs 300 verifications an hour. 
24 hours a day. 7 days a week. 360 days a year, after 3 
years when the system is presumed obsolete, the cost 
per verification is about 6 cents per hundred verifica- 
tions. 

50 [0045] On the other hand, to Illustrate another exam- 
ple of the range of costs, an Iris scanner at a secure 
room portal might also cost about $5,000, but traffic 
through the portal might only be 30 verifications an hour 
or less, so the cost per verification for the iris scanner 
55 is proportionally greater than for speaker verification. As 
for template size, a hand geometry unit requires only 9 
bytes of storage per template, whereas some fingerprint 
units and voice units require upwards of a kilobyte per 
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template. Since memory costs on smart cards are not 
inexpensive, and the amount of time it takes to transfer 
the data off the card, in the case of matching template 
to signal off the card, is proportional to the size of the 
template, template size is an Important consideration. 
[0046] In an embodiment of the present invention, a 
smart card parameter protocol mandates that certain in- 
formation fields 56 are stored on the card 62, in addition 
to the biometric sample 64 itself. These information 
fields 56 include system identification and personal da- 
ta, as well as a hashed data field, which is decoded by 
the system during the authentication process to certify 
the integrity of the information parameters. Fig. 6 Is a 
table which illustrates examples of the type of data 
stored on the smart card 62 for an embodiment of the 
present invention. 

[0047] Referring to Fig. 6, the content of the first six 
fields includes, for example, method 70, vendor 72, re- 
lease 74, template 64, last updated 78, and first enrolled 
80. The method field 70 relates to the biometric technol- 
ogy employed, such as fingerprint. The vendor field 72 
identifies the particular vendor, such as SONY. The re- 
lease field 74 specifies a release number, such as 1.0. 
The template field 64 Is the particular template, and the 
last updated and first enrolled fields 78. 80 indicate 
dates. Refenring further to Fig. 6, the hash value 82 is a 
value which is amved at by hashing everything in the 
record. This can be transmitted elsewhere to authenti- 
cate the validity of the template 64. 
[0048] Another aspect of an embodiment of the 
present invention is that the card 62 also includes a 
probability look-up table 66 which quantifies the reader 
device performance histogram distribution into discrete 
levels of match score, such as 200, 300, 400, and so 
on, and assigns a conresponding probability factor to 
each level. Fig. 7 is a table which shows a sample prob- 
ability look-up table 66 for an embodiment of the present 
invention. Referring to Fig. 7, the probability look-up ta- 
ble 66 includes an array of threshold match scores that 
are Interpreted by the application 58. For example, for 
a False Accept Rate or FAR of less than 1 in 100. the 
match value between the template 64 and the presented 
signal must be greater than 200. Alternatively, for a 
False Reject Rate or FRR of less than 1 in one million, 
a threshold match score of 400 is used. This Is done for 
both FA 38 and FR 40. 

[0049] In an embodiment of the present invention, the 
system reader 68 is programmed with a desired P(FA) 
48 or P(FR) 44 rather than with a fixed threshold match 
score. The system reader 68 Is also programmed with 
an instruction routine that tells the system signal proc- 
essor to look to the probability look-up table 66 on the 
card 62 to determine the desired probability factor's cor- 
responding FA 38 or FR 40 threshold match score to be 
used for authentication. This aspect reduces the cost of 
new system releases, since the application software 
may remain the same and only the cards have to be re- 
programmed, instead of both the system and the cards 



as in the prior art. In addition, the cards may be pro- 
grammed for personalized authentication, for example, 
at either a higher or lower security level, on an individual 
basis, instead of one value fits all. 
5 [0050] In an embodiment of the present invention, the 
user 54 is authenticated through match scoring of a 
sample biometric obtained from the user by the biomet- 
ric reader device 68. Fig. 8 is a flow chart which provides 
further detail regarding the process of authenticating a 
10 user through match scoring of a sample biometric ob- 
tained from the user by a biometric reader device for an 
embodiment of the present invention. At S1 , a biometric 
template 64 for the user 54 is stored in an applicatton 
58 on a microprocessor 60 of the smart card 62, along 
15 with information fields 56, including system identification 
and personal data for the user. At S2, a look-up table 66 
based on a tabulation of perfomiance histogram distri- 
bution of biometric reader device match scores for false 
acceptance or FA 38 and false rejection or FR 40 into 
20 value ranges, with each value range identified by a 
threshold match score and each threshold match score 
assigned a con-esponding probability of occurrence val- 
ue P(FA) 48 and P{FR) 44, is also stored on the smart 
card application 58. 
25 [0051] Refening further to Fig. 8, at S3, the user 54 
presents the smart card 58, along with a new biometric 
sample for the user, to the biometric reader device 68 
pre-programmed with a desired probability of occur- 
rence value and with an Instruction set that commands 
30 the reader device to look to the look-up table 66 on the 
card 58 for the threshold match score associated with 
the desired probability to be used for authentication of 
the user. At S4, the reader device 58 compares the new 
biometric sample for the user 54 with the user's biomet- 
35 ric template 64 stored on the smart card 62, identifies 
the threshold match score associated with the desired 
probability of occun^ence value, and authenticates the 
user on the basis of the identified threshold match score. 
[0052] It Is clear that there is no *one biometric fits all' 
40 for every application, nor is there one operating thresh- 
old that is appropriate for all applications. An embodi- 
ment of the present invention provides a flexible archi- 
tecture format for storing biometrics on smart cards that 
is Independent of appllcatbn or biometric methodology 
^5 or vendor. In an embodiment of the present invention, 
threshold match scores are no longer 'hardwired' in a 
specific application to a specific method, vendor and 
specific release. The same architecture applies no mat- 
ter what the risk, vendor, biometric method or release. 
50 Thresholds and methods are determined, and probabil- 
ity density functions of various vendors, methods and 
releases are derived in order to fill in the threshold match 
scores. Thus, an embodiment of the present inventk>n 
supports different methods, vendors and releases, and 
55 allows for flexibility in application deployment. 

[0053] Various prefenred embodiments of the present 
Invention have been described in fulfillment of the vari- 
ous objects of the invention. It should be recognized that 
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these embodiments are merely illustrative of the princi- 
ples of the present invention. Numerous modifications 
and adaptations thereof will be readily apparent to those 
skilled in the art without departing from the spirit and 
scope of the present invention. Accordingly, the inven- ^ 
tion is limited only by the following claims. 



Claims 

10 

1. A method of authenticating a smart card user at a 
reader devicOt comprising: 

storing information fields for the user on the 
smart card, wherein the information fields com- 15 
prise biometric information for the user and a 
table of pre-defined probability of occurrence 
values for user authentication; 
presenting the smart card and a biometric sam- 
ple for the user to the reader device; and 20 
automatically authenticating the user based at 
least in part on the match level between the 
stored biometric information and the presented 
biometric sample, 

calculating a match level between: 25 

(a) the biometric infonmation for the user 
that is stored on the smart card and 

(b) the biometric sample for the user that is 
presented to the reader device; 30 

characterized by 

- storing the infomnation fields relating to the ta- 
ble of pre-defined probability of occurrence val- 35 
ues for user authentication further comprises 
automatically assigning a probability of occur- 
rence value to each of a plurality of pre-defined 
threshold match scores; 

programming the reader device with: 40 

(a) a desired probability of occurrence val- 
ue and 

(b) an Instruction set directing the reader 
device to look to the table stored on the 45 
smart card to obtain the threshold match 
score that corresponds to the desired prob- 
ability of occurrence value; 

- comparing the calculated match level with the so 
threshold match score that is obtained from the 
table stored on the smart card; and 

- authenticating the user if the calculated match 
level is greater than the threshold match score 
that is obtained from the table stored on the ss 
smart card. 

2. The method of claim 1 , wherein storing the informa- 



tion fields relating to the biometric information for 
the user further comprises storing a biometric tem- 
plate for the user 

3. The method of claim 2, wherein storing the biomet- 
ric template further comprises storing at least one 
model of biometric patterns for the user selected 
from a group of biometric patterns consisting of 
voice print, photograph, signature, fingerprint, hand 
geometry, retinal image, and iris scan. 

4. The method of claim 1 , wherein automatically as- 
signing the probability of occurrence values further 
comprises automatically identifying the threshold 
match scores for each of a plurality of value ranges 
of biometric reader device match scores. 

5. The method of claim 4. wherein automatically iden- 
tifying the threshold match scores further comprises 
automatically tabulating a performance histogram 
distribution ofblometric reader device match scores 
for false acceptance of an impostor and false rejec- 
tion of a valid user Into the plurality of value ranges. 

6. The method of claim 5, wherein automatically tab- 
ulating the performance histogram distribution fur- 
ther comprises automatically quantifying the per- 
formance histogram distribution into discrete levels 
of the biometric reader device match scores. 

7. The method of claim 6, wherein automatically tab- 
ulating the performance histogram distribution fur- 
ther comprises automatically assigning the proba- 
bility of occurrence value for each of the discrete 
levels of the biometric reader device match scores. 

8. The method of claim 1 . wherein storing the informa- 
tion fields further comprises storing personal data 
for the user on the smart card. 

9. The method of claim 1 , wherein storing information 
fields further comprises storing information related 
to identification of a biometric system on the smart 
card. 

10. The method of claim 1 . wherein storing the informa- 
tion fields further comprises storing a hashed data 
field on the smart cared. 

1 1 . The method of claim 1 , wherein storing the informa- 
tion fields further comprises storing the information 
fields in an application on the smart card. 

12. The method of claim 11. wherein storing the Infor- 
mation fields in the application further comprises 
storing the information fields in an application on a 
microprocessor of the smart card. 
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13. The method of claim 1, wherein presenting the 
smart card further comprises presenting the smart 
card to the reader device associated with a terminal. 

14. The method of claim 13, wherein the terminal fur- ^ 
ther comprises at least one of an area access ter- 
minal, a computer networic terminal, a computer ac- 
cess terminal, a stored value terminal, a monetary 
access terminal, a PBX terminal, a long distance 
terminal, a personal computer, a laptop computer. 

a personal digital assistant, a public internet termi- 
nal, and an automated teller machine. 

15. The method of claim 1 . wherein presenting the bio- 
metric sample further comprises presenting the bl- ^5 
ometric sample to the reader device associated with 

a terminal. 

16. The method of claim 15, wherein the terminal fur- 
ther comprises at least one of an area access ter- 20 
minal, a computer network terminal, a computer ac- 
cess terminal, a stored value terminal, a monetary 
access terminal, a PBX terminal, a long distance 
terminal, a personal computer, a laptop computer, 

a personal digital assistant, a public internet termi- 25 
nal, and an automated teller machine. 

17. The method of claim 1 , wherein presenting the bio- 
metric sample further comprises presenting at least 
one biometric sample selected from a group of bio- 30 
metric samples consisting of voice print, photo- 
graph, signature, fingerprint, hand geometry, retinal 
Image, and iris scan. 

18. The method of claim 1, wherein automatically au- 35 
thenticating further comprises pre-selecting the de- 
sired probability of occurrence value. 

19. The method of claim 18, wherein pre-selecting the 
desired probability of occunrence value further com- ^0 
prises pre-defining a desired probability of occur- 
rence value for false acceptance of an impostor and 
false rejection of a valid user. 

20. The method of claim 19, wherein pre-defining the ^5 
desired probability of occurrence value further com- 
prises pre-defining an instruction set directing the 
reader device to look to the stored table of proba- 
bility of occurrence values for a false acceptance of 

an impostor and false rejection of a valid user 50 
threshold match score corresponding to the desired 
probability of occurrence value. 

21. The method of claim 20. wherein automatically au- 
thenticating further comprises automatically select- S5 
ing the false acceptance of an impostor and false 
rejection of a valid user threshold match score, such 
that for a desired false acceptance rate, a match 



value between the stored biometric information and 
the biometric sample is at least a pre-determined 
level, and for a desired false rejection rate, the 
match value is less than a pre-determined level. 

22. The method of claim 1, wherein automatically au- 
thenticating further comprise automatically authen- 
ticating the user by an application associated with 
the reader device. 

23. The method of claim 22, wherein automatically au- 
thenticating further comprises automatically au- 
thenticating the user by an application residing at 
least in part on the reader device. 

24. The method of claim 22, wherein automatically au- 
thenticating further comprising automatically au- 
thenticating the user by an application residing at 
least in part on a terminal associated with the reader 
device. 

25. The method of claim 1 , wherein automatically au- 
thenticating further comprises automatically au- 
thenticating the user by an application associated 
with the smart card. 

26. The method of claim 25, wherein automatically au- 
thenticating further comprises automatically au- 
thenticating the user by an application residing at 
least in part on the smart card. 

27. A system for authenticating a smart card user at a 
reader device, comprising: 

means for storing information fields for the user 
on the smart card, wherein the information 
fields comprise biometric Information for the us- 
er and a table of pre-defined probability of oc- 
currence values for user authentication; 
means for presenting the smart card and a bi- 
ometric sample for the user to the reader de- 
vice; and 

means for automatically authenticating the user 
based at least in part on the match level be- 
tween the stored biometric information and the 
presented biometric sample, 
means for calculating a match level between: 

(a) the biometric infomiation for the user 
that is stored on the smart card and 

(b) the biometric sample for the user that is 
presented to the reader device; 

characterized by 

said means for storing the information fields relating 
to the table of pre-defined probability of occurence 
values for user authentification further automatical- 
ly assignes a probability of occurence value to each 
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of a plurality of pre-defined threshold match scores; 
means for programming the reader device with: 

(a) a desired probability of occurrence val- ^ 
ue and 

(b) an instruction set directing the reader 
device to took to the table stored on the 
smart card to obtain the threshold match 
score con'esponding to the desired proba- io 
bility of occurrence value; 



terminal, a stored value terminal, a monetary ac- 
cess terminal, a computer access terminal, a stored 
value temninal, a monetary access temninal. a PBX 
terminal, a long distance terminal, a personal com- 
puter, a laptop computer, a personal digital assist- 
ant, a public internet terminal and an automated tell- 
er machine. 

36. The system of claim 27, wherein the means for au- 
tomatically authenticating further comprises an ap- 
plication associated with the smart card. 



- means for comparing the calculated match lev- 
el with the threshold match score that is ob- 
tained from the table stored on the smart card; is 
and 

wherein the user is authenticated if the calcu- 
lated match level is greater than the threshold 
match score that Is obtained from the table 
stored on the smart card. 20 



28. The system of claim 27, wherein the means for stor- 
ing the information fields further comprises an ap- 
plication on the smart card. 

25 

29. The system of claim 28, wherein the application on 
the smart card further comprises an application on 
a microprocessor of the smart card. 

30. The system of claim 29, wherein the means for pre- 30 

senting the smart card and the biometric sample fur- 
ther comprises a reader device associated with a 
terminal. 

31 . The system of claim 30, wherein the means for pre- 35 
senting the smart card and the biometric sample fur- 
ther comprises an application associated with the 
reader device. 

32. The system of claim 31 , wherein the terminal further 40 
comprises at least one of an area access terminal. 

a computer network terminal, a computer access 
terminal, a stored value terminal, a monetary ac- 
cess terminal, a PBX terminal, a long distance ter- 
minal, a personal computer, a laptop computer, a 
personal digital assistant, a public internet terminal, 
and an automated teller machine. 

33. The system of claim 27, wherein the means for au- 
tomatically authenticating the user further compris- so 
es an application associated with the reader device. 

34. The system of claim 33, wherein the reader device 
is associated with a terminal. 

55 

35. The system of claim 34. wherein the terminal further 
comprises at least one of an area access terminal, 
a computer network terminal, a computer access 



PatentansprQche 

1. Verfahren zum Authentifizieren eines Benutzers ei- 
ner Chip-Karte an einer Lesevorrichtung. umfas- 
send: 

Speichern von Informationsfeldern fur den Be- 
nutzer auf der Chip-Karte, wobei die Informatl- 
onsfelder biometrische Information fur den Be- 
nutzer und eine Tabelle mit vordefinierten Wer- 
ten einer Auftrittswahrscheinllchkeit fur eine 
Authentifizierung eines Benutzers umfassen; 
Voriegen der Chip-Karte und einer biometri- 
schen Probe fur den Benutzer der Lesevorrich- 
tung; und 

Berechnen eines Uberelnstlmmungsnlveaus 
zwischen: 

(a) der biometrischen Information fur den 
Benutzer. welche auf der Chip-Karte ge- 
speichert ist und 

(b) der biometrischen Probe fur den Benut- 
zer, welche der Lesevomchtung vorgelegt 
wird; 

automatisches Authentifizieren des Benutzers. 
das mindestens teilweise auf dem Ubereinstim- 
mungsniveau zwischen der gespeicherten bio- 
metrischen Information und der vorgelegten 
biometrischen Probe basiert, 

gekennzeichnet durch: 

Speichern der Informationsfelder, die die Tabel- 
le der vordefinierten Werte der Auftrittswahr- 
scheinlichkeiten fur die Authentifizierung des 
Benutzers betreffen. femer umfassend ein au- 
tomatisches Zuweisen eines Wertes der Auf- 
trittswahrscheinllchkeit zu jedem einer Vielzaht 
von vordefinierten Ubereinstimmungsschwell- 
werten; 

Programmieren der Lesevorrichtung mit: 

(a) einem gewunschten Wert der Auftritts- 
wahrscheinllchkeit; und 
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(b) einem Befehlssatz, der die Lesevorrich- 
tung tenkt, in der auf der Chip-Karte ge- 
speicherten Tabelle nachzusehen. urn den 
Obereinstimmungsschwellwert zu erhat- 
ten, der dem gewunschten Wert der Auf- 5 
trittswahrscheinlichkeit entspricht; 

Vergleichen des berechneten Ubereinstim- 
mungsniveaus mit dem Obereinstimmungs- 
schwellwert, der aus der auf der Chlp-Karte ge- io 
speicherten Tabelle erhalten wird; und 
Authentifizieren des Benutzers, falls das be- 
rechnete Ubereinstlmmungsniveau grd&er ist 
als der Obereinstimmungsschwellwert. der aus 
der auf der Chlp-Karte gespeicherten Tabelle is 
erhalten wird. 

2. Verfahren gema& Anspruch 1 , wobei das Speichern 
der Informationsfelder, die die biometrische Infor- 
mation fQr den Benutzer betreffen. femer das Sper- 20 
chern einer biometrischen Vorlage fur den Benutzer 
umfasst. 

3. Verfahren gemeiH Anspruch 2, wobei das Speichem 
der biometrischen Vorlage femer ein Speichern 25 
mindestens eines Modells von biometrischen Mu- 
stern fur den Benutzer umfasst, die aus einer Grup- 

pe von biometrischen Mustern ausgewahit werden, 
die Stimmabdruck, Lichtbild, Unterschrift, Finger- 
abdruck, Handgeometrie, Netzhautbild und Irisab- so 
tastung enthalten. 

4. Verfahren gemal^ Anspruch 1 , wobei ein automatl- 
sches Zuwelsen der Werte der Auftrittswahrschein- 
Hchkeit ferner ein automatisches Identifizieren der 35 
Obereinstimmungsschwellwerte fur jeden einer 
Vielzahl von Werteberelchen der Uberelnstim- 
mungswerte der biometrischen Lesevorrichtung 
umfasst. 

40 

5. Verfahren gemdH Anspruch 4, wobei das automa- 
tische Identifizieren der Obereinstimmungsschwell- 
werte ferner ein automatisches Tabeilarisleren ei- 
ner Leistungs-Histogramm-Vertellung von Oberein- 
stimmungswerten der biometrischen Lesevorrich- 45 
tung fOr die falsche Anerkennung eines Betruger 
und falsche Ablehnung eines gultigen Benutzers in 

die Vielzahl von Wertebereichen umfasst. 

6. Verfahren gemaH Anspruch 5, wobei das Tabellari- so 
sieren der Leistungs-Histogramm-Verteilung ferner 

ein automatisches Quantiflzieren der Leistungs-Hi- 
stogramm-Verteilung in diskrete Niveaus der Uber- 
einstimmungswerte der biometrischen Lesevorrich- 
tung umfasst. 55 

7. Verfahren gemdd Anspruch 6, wobei das Tabeilari- 
sleren der Leistungs-Histogramm-Verteilung ferner 



ein automatisches Zuweisen des Wertes der Auf- 
trittswahrscheintichkeit fur jedes der diskreten Ni- 
veaus der Obereinstimmungswerte der Lesevor- 
richtung umfasst 

8. Verfahren gemaB Anspruch 1 , wobei das Speichern 
der Informationsfelder ferner ein Speichern von 
persdnlichen Daten des Benutzers auf der Chip- 
Karte umfasst 

9. Verfahren gemaB Anspruch 1 , wobei das Speichern 
der Informationsfelder femer ein Speichern einer 
Infomiation, die das Identifizieren eines biometri- 
schen Systems betrifft, auf der Chip-Karte umfasst. 

10. Verfahren gemaQ Anspruch 1 , wobei das Speichern 
der Informationsfelder femer ein Speichern eines 
Hash-Datenfeldes auf der Chip-Karte umfasst. 

1 1 . Verfahren gemaQ Anspruch 1 , wobei das Speichern 
der Informationsfelder ferner ein Speichern der In- 
formationsfelder in eine Anwendung auf der Chip- 
Karte umfasst 

12. Verfahren gemafi Anspruch 11. wobei das Spei- 
chern der Informationsfelder In der Anwendung fer- 
ner ein Speichern der Informationsfelder in einer 
Anwendung auf einem Mikroprozessor der Chip- 
Karte umfasst. 

13. Verfahren gemaB Anspruch 1. wobei das Vorlegen 
der Chip-Karte ferner ein Vorlegen der Chip-Karte 
der Lesevorrichtung umfasst, die einem Endgerat 
zugeordnet ist 

14. Verfahren gem§& Anspruch 13. wobei das Endge- 
rat ferner mindestens ein Bereichszugangsendge- 
rat, ein Computernetzwerkendgerat, ein Computer- 
zugangsendgerat ein Speicherwertendgerat, ein 
Wahrungszugangsendgerat ein PBX Endgerat, ein 
Femendgerat ein Personalcomputer. ein Laptop- 
computer, ein persdniicher digitaler Assistent, ein 
offentllches Intemetendgerat und ein Geldautomat 
umfasst. 

15. Verfahren gemad Anspruch 1. wobei das Vorlegen 

der biometrischen Probe ferner ein Voriegen der 
biometrischen Probe der Lesevorrichtung umfasst, 
die einem Endgerat zugeordnet ist. 

16. Verfahren gemdH Anspruch 15, wobei das Endge- 
rat ferner mindestens ein Bereichszugangsendge- 
rat, ein Computernetzwerkendgerat, ein Computer- 
zugangsendgerat, ein SpeichenA/ertendgerat, ein 
Wahrungszugangsendgerat, ein PBX Endgerat, ein 
Femendgerdt, ein Personalcomputer, ein Laptop- 
computer, ein persdniicher digitaler Assistent. ein 
offentliches Intemetendgerat und ein Geldautomat 
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umfasst. 



der Lesevorrichtung befindet. 



17. Verfahren gema& Anspruch 1 . wobei das Vortegen 
der biometrischen Probe ferner ein Vorlegen min- 
destens einer biometrischen Probe ausgewahit a us s 
einer Gruppe von biometrischen Proben umfasst, 
die Stimmabdruck, Lichtbild, Unterschrift, Finger- 
abdruck. Handgeometrie. Netzhautbild und Irisab- 
tastung enthalten. 

10 

18. Verfahren gema& Anspruch 1, wobel das Automa- 
tische Authentifizieren femer ein Vor-Auswahlen 
des gewOnschten Wertes der Auftrittswahrschein- 
lichkeit umfasst. 

15 

19. Verfahren gemaa Anspruch 18, wobei das Vor-Aus- 
wahlen des gewOnschten Wertes der Auftrittswahr- 
scheinlichkeit ferner ein Vordefinieren eines ge- 
wOnschten Wertes der Auftrittswahrscheinlichkeit 

fur die falsche Anerkennung eines BetrOgers und 20 
falsche Ablehnung eines gultigen Benutzers um- 
fasst. 

20. Verfahren gemSB Anspruch 19, wobei das Vordefi- 
nieren des gewOnschten Wertes der Auftrittswahr- 25 
scheinlichkeit ferner ein Vordefinieren eines Befehl- 
satzes um^sst. der die Lesevorrichtung lenkt. in die 
gespeicherte Tabelle der Werte der Auftrittswahr- 
scheinlichkeit der Obereinstimmungsschwellwerte 

fur eine falsche Anerkennung eines BetrOgers und 30 
falsche Ablehnung eines gOltlgen Benutzers nach- 
zusehen. die dem gewOnschten Wert der Auftritts- 
wahrscheinlichkeit entsprechen. 

21. Verfahren gemafi Anspruch 20, wobei das automa- 35 
tische Authentifizieren ferner ein automatisches 
Auswahlen des Ubereinstimmungsschwellwertes 

fOr die falsche Anerkennung eines BetrOgers und 
falsche Ablehnung eines gOltigen Benutzers um- 
fesst, so dass fOr eine gewOnschte falsche Aner- 40 
kennungshaufigkell ein Obereinstimmungswert 
zwischen der gespeicherten biometrischen Infor- 
mation und der biometrischen Probe mindestens ei- 
nem vorherbestlmmten Niveau entspricht, und fur 
eine falsche AblehnungshSufigkeit der Uberein- 
stimmungswert kleiner ist als ein vorherbestimmtes 
Niveau. 

22. Verfahren gema& Anspruch 1, wobei das automa- 
tische Authentifizieren femer ein automatisches so 
Authentifizieren des Benutzers durch eine Anwen- 
dung umfasst. die der Lesevorrichtung zugeordnet 

ist. 

23. Veri'ahren gem3& Anspruch 22, wobei das automa- 55 
tische Authentifizieren ferner ein automatisches 
Authentifizieren des Benutzers durch eine Anwen- 
dung umfasst, die sich mindestens zu einem Teil auf 



24. Verfahren gemaB Anspruch 22, wobei das automa- 
tische Authentifizieren ferner ein automatisches 
Authentifizieren des Benutzers durch eine Anwen- 
dung umfasst, die sich mindestens zu einem Teil auf 
einem EndgerSt befindet, das der Lesevorrichtung 
zugeordnet ist 

25. Verfahren gemaQ Anspruch 1, wobei das automa- 
tische Authentifizieren femer ein automatisches 
Authentifizieren des Benutzers durch eine Anwen- 
dung umfasst. die der Chip-Karte zugeordnet ist. 

26. Verfahren gemali Anspaich 25, wobei das automa- 
tische Authentifizieren ferner ein automatisches 
Authentifizieren des Benutzers durch eine Anwen- 
dung umfasst, die sich mindestens zu einem Teil auf 
der Chip-Karte befindet. 

27. System zum Authentifizieren eines Benutzers einer 
Chip-Karte an einer Lesevorrichtung, umfassend: 

Mittel zum Speichern von Informationsfelder fOr 
den Benutzer auf der Chip-Karte, wobei die In- 
formationsfelder biometrische Infonmation fOr 
den Benutzer und eine Tabelle mit vordefinier- 
ten Werten der Auftrittswahrscheinlichkeit fur 
die Authentifizierung des Benutzers umfasst; 
Mittel zum Voriegen der Chip-Karte und einer 
biometrischen Probe fOr den Benutzer der Le- 
sevorrichtung; und 
- Mittel zum Berechnen eines Obereinstim- 
mungsniveaus zwischen: 

(a) der biometrischen Information fur den 
Benutzer. welche auf der Chip-Karte ge- 
speichert ist und 

(b) der biometrischen Probe fur den Benut- 
zer, weiche der Lesevomchtung vorgelegt 
wird; 

Mittel zum automatischen Authentifizieren des 
Benutzers, das mindestens teilweise auf dem 
Ubereinstimmungsniveau zwischen der ge- 
speicherten biometrischen Information und der 
vorgelegten biometrischen Probe basiert, 

gekennzeichnet 

dadurch, dass das Mittel zum Speichern der 
Infomfiationsfelder, die die Tabelle der vordeft- 
nierten Werten der Auftrittswahrscheinlichkeit 
fOr die Authentifizierung des Benutzers betref- 
fen. ferner automatisch einen Wert der Auftritts- 
wahrscheinlichkeit jedem einer Vielzahl von 
vordefinierten Ubereinstimmungsschwellwer- 
ten zuweist; 
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durch Mittei zum Programmieren der Lesevor- 
richtung mit: 

(a) einem gewQnschten Wert der Auftritts- 
wahrscheinlichkeit; und 5 

(b) eInem Befehlssatz, der die Lesevorrich- 
tung lenkt, in der auf der Chip-Karte ge- 
speicherten Tabelte nachzusehen, um den 
Ubereinstimmungsschwellwert zu erhal- 
ten, der dem gewQnschten Wert der Auf- io 
trlttswahrscheinlichkeit entspricht; 



durch Mittei zum Vergleichen des berechneten 
Obereinstimmungsnlveaus mit dem Oberein- 

stimmungsschweliwert, der aus der auf der t5 
Chip-Karte gespeicherten Tabelie erhalten 
wird; und 

wobei der Benutzer authentifiziert ist, fails das 
berechnete Oberelnstimmungsniveau grdtSer 
Ist als der Ubereinstimmungsschwellwert. der 20 
aus der auf der Chip-Karte gespeicherten Ta- 
belie erhalten wird. 

28. System gemaH Anspruch 27, wobei das Mittei zum 
Speichem der Informationsfelder ferner eine An- ^5 
wendung auf der Chip-Karte umfasst. 

29. System gema Q> Anspruch 28, wobei die Anwendung 
auf der Chip-Karte ferner eine Anwendung auf ei- 
nem Mikroprozessor der Chip-Karte umfasst. 30 

30. System gemaB Anspruch 29, wobei das Mittei zum 
Vorlegen der Chip-Karte und der biometrischen 
Probe ferner eine Lesevonrichtung umfasst, die ei- 
nem Endgerat zugeordnet ist. 3S 

31. System gemaB Anspruch 30, wobei das Mittei zum 
Vorlegen der Chip-Karte und der biometrischen 
Probe ferner eine Anwendung umfasst, die der Le- 
sevorrichtung zugeordnet ist. 40 

32. System gemaB Anspruch 31, wobei das Endgerat 
ferner mindestens ein Bereichszugangsendgerat, 
ein Computemetzwerkendgerat. ein Computerzu- 
gangsendgerat, ein Speicherwertendgerdt, ein 45 
WahrungszugangsendgerSl, ein PBX EndgerSt. ein 
Femendgerat, ein Personalcomputer, ein Laptop- 
computer, ein personlicher digitaler Assistent, ein 
offentiiches Internetendgerat und ein Geldautomat 
umfasst. 50 

33. System gemali Anspruch 27, wobei das Mittei zum 
automatischen Authentifizieren des Benutzers fer- 
ner eine Anwendung umfasst, die der Lesevorrich- 
tung zugeordnet ist. ss 

34. System gemSli Anspruch 33, wobei die Lesevor- 
richtung einem Endgerat zugeordnet ist. 



35. System gemaB Anspruch 34, wobei das Endgerat 
femer mindestens ein Bereichszugangsendgerat, 
ein Computemetzwerkendgerat, ein Computerzu- 
gangsendgerat, ein Spelcherwertendgerdt, ein 
Wahrungszugangsendgerat, ein PBX Endgerat, ein 
Femendgerat. ein Personalcomputer, ein Laptop- 
computer, ein personlicher digitaler Assistent, ein 
offentiiches Intemetendgerat und ein Geldautomat 
umfasst 

36. System gemaB Anspruch 27, wobei das Mittei zum 
automatischen Authentifizieren ferner eine Anwen- 
dung umfasst, die der Chip-Karte zugeordnet ist 



Revendfcations 

1. Proc6d6 d'authentification d'un utilisateur de carte 
d mdmoire au niveau d*un dispositif de lecture, qui 

comprend : 

• le stockage de champs d'Informations relatifs d 
Tutilisateur sur la carte d m^moire, les champs 
d'Informations comprenant des infomnations 
biom6triques relatives a I'utilisateur et un ta- 
bleau de probability pr^d^finie de valeurs d'oc- 
currence permettant Tauthentlfication de 
Tutilisateur ; 

• la pr6sentatk)n de la carte k m^moire et d'un 
^chantillon biom^trique relatif d rutilisateur au 
dispositif de lecture ; et 

• I'authentification automatique de Tutilisateur, 
au moins en partie sur la base du niveau de 
correspondance entre les informations blomd- 
triques 8tock6es et r^chantillon bk)m6trlque 
pr^sente, 

• le calcul d'un niveau de correspondance entre : 

(a) les informations biometriques relatives 
k rutilisateur et stock^es sur la carte h m6- 
moire, et 

(b) Techantillon biom^trique relatif d I'utili- 
sateur que Ton pr^sente au dispositif de 
lecture ; 

caract6ris6 par 

le stockage des champs d'Informations concer- 
nant le tableau de probability pr^dyfinie de va- 
leurs d'occurrence permettant Tauthentification 
de rutilisateur comprend de plus fassig nation 
automatlquement d'une probability de valeur 
d'occurrence ^ chacun d'une plurality de sco- 
res seuils de correspondance prydyfinis ; 
le fait de programmer le dispositif de lecture d 
raide : 

(a) d'une probability voulue de valeur d'oc- 
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currence et 

(b) d'un ensemble d'instmctions condui- 
sant le dispositif de lecture d consutter le 
tableau stocks sur la carte d m^moire afin 
d*obtenir le score seuil de correspondance ^ 
correspondant d la probability voulue de 
valeur d'occurrence ; 



bulation de la repartition en histogramme des per- 
formances comprend de plus I'assignation de la 
probability de la valeur d'occurrence pour chacun 
des niveaux discrets des scores de correspondan- 
ce du dispositif de lecture biom^trique. 

8. Proc^dd selon la revendication 1, dans lequel le 
stoclcage des champs d'informations comprend de 
plus le stockage de donn^es personnelles relatives 
d i'utilisateur sur la carte d m^moire. 

Proc6d6 selon la revendication 1. dans lequel le 
stockage des champs d'informations comprend de 
plus le stockage d'informations concernant Tidenti- 
fication d'un syst^me biom^trique sur la carte d m6- 
moire. 



la comparaison du niveau calcule de corres- 
pondance au score seuil de correspondance 
que Ton obtient d partir du tableau stocks sur 
la carte d m§moire ; et 9. 
authentification de I'utilisateur si le niveau cal- 
culi de correspondance est supdrieur au score 
seuil de correspondance obtenu d partir du ta- ^5 
bleau stocky sur la carte a m^moire. 



2. Proc^dd selon la revendication 1, dans lequel le 
stockage des champs d'informations concernant 

les informations biom^triques relatives d I'utilisateur 20 
comprend de plus le stockage d'un modele blom6- 
trique relatif d Tutilisateur. 

3. Procede selon la revendication 2. dans lequel le 
stockage du modele biom6trique comprend de plus 25 
le stockage d'au moins un module de rdf^rences 
biomytriques relatives ^ I'utilisateur. choisis d partir 
d*un groupe de r6fyrences biom6triques consistant 

en les elements sulvants: I'empreinte vocale, 1a 
photographie, la signature, I'empreinte digitale, la 30 
g^om^trie de la main, I'image r^tinienne et le ba- 
layage de I'lrls. 



10. Proc6d6 selon la revendication 1, dans lequel le 
stockage des champs d'informations comprend de 
plus le stockage d'une zone de donn6es hachdes 
sur la carte d mymoire. 

11. Procede selon la revendication 1, dans lequel le 
stockage des champs d'informations comprend de 
plus le stockage des champs d'informations dans 
une application sur la carte d m6moire. 

12. Proc^dd selon la revendication 11. dans lequel le 
stockage des champs d'informations dans I'applica- 
tion comprend de plus le stockage des champs d'in- 
formations dans une application sur un micropro- 
cesseur de la carte d mdmoire. 



4. Proc^dd selon la revendication 1 , dans lequel i'as- 
signation de la probability des valeurs d'occurrence 35 
comprend de plus I'identification automatique des 
scores seuils de correspondance pour chacune 
d'une plurality d'Intervalles devaleurs de scores de 
correspondance du dispositif de lecture biomytri- 
que. 40 

5. Procyde selon la revendication 4, dans lequel 
I'identification des scores seuils de correspondance 
comprend de plus la tabulation d'une rypartition en 
histogramme des performances des scores de cor- 45 
respondance du dispositif de lecture biomytrique, 
pour la fausse acceptation d'un imposteur et le rejet 
par enreur d'un utilisateur valide. parmi la plurality 
d'intervalles devaleurs. 

50 

6. Procyde selon la revendication 5, dans lequel la ta- 
bulation de la rypartition en histogramme des per- 
fonmances comprend de plus la quantification auto- 
matique de la rypartition en histogramme des per- 
formances en niveaux discrets de scores de corres- 55 
pondance du dispositif de lecture biomytrique. 

7. Procydy selon la revendication 6, dans lequel la ta- 



13. Procydy selon la revendication 1, dans lequel la 
prysentation de la carte ci mymoire comprend de 
plus la prysentation de la carte d mymoire au dis- 
positif de lecture associy d un terminal. 

14. Procydy selon la revendication 13, dans lequel le 
terminal comprend de plus au moins I'un des yiy- 
ments suivants : un terminal d accys local, un ter- 
minal de ryseau informatique. un terminal y accys 
informatique, un terminal y valeur mymorisye, un 
temiinal y accys mon6taire, un terminal PBX, un 
terminal yioigny, un ordinateur personnel, un ordi- 
nateur portatit un assistant numyrique personnel, 
un tenminal Intemet public, et un guichet automati- 
que bancaire. 

15. Procydy selon la revendication 1, dans lequel la 
prysentation de rychantillon biometrique comprend 
de plus la prysentation de I'ychantillon biomytrique 
au dispositif de lecture associy k un terminal. 

16. Procydy selon la revendication 15, dans lequel le 
terminal comprend de plus au moins I'un des yiy- 
ments suivants : un terminal y accys local, un ter- 
minal de ryseau informatique. un temiinal k accys 
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informatique. un terminal d valeur m§moris6e, un 
terminal a acc6s mon6talre, un terminal PBX, un 
terminal ^loign6, un ordinateur personnel, un ordi- 
nateur portatif, un assistant num^rique personnel, 
un terminal Internet public, et un guichet automati- s 
que bancalre. 

17. Proc6d6 seton la revendication 1, dans lequel la 
presentation de I'dchantillon blom^trique comprend 
de plus la presentation d*au moins un echantlllon io 
blometrlque choisi parmi dans un groupe d'^chan- 
tlllons biometriques consistant en les elements 
suivants : I'empreinte vocale, la photographie, la si- 
gnature, I'emprelnte digitate, la g^ometrie de la 
main, I'image retinlenne et le balayage de I'iris. is 



Tauthentificatlon automatlque comprend de plus 

I'authentification automatique de Tutilisateur par 
une application resident au moins en partle dans le 
dispositif de lecture. 

24. Precede selon la revendication 22, dans lequel 
I'authentification automatique comprend de plus 
rauthentification automatique de rutiiisateur par 
une application rdsldant au moins en partie dans un 
terminal associe au dispositif de lecture. 

25. Proc6d6 selon la revendication 1, dans lequel 
rauthentification automatique comprend de plus 
I'authentification automatique de I'utilisateur par 
une application associ^e d la carte d m^moire. 



18. Precede selon la revendication 1, dans lequel 
I'authentification automatique comprend de plus la 
preselection de la probabilite voulue de la valeur 
d'occurrence. 20 

19. Precede selon la revendication 18, dans lequel la 
preselection de la probabilite voulue de la valeur 
d'occurrence comprend de plus la predefinition 
d'une probabilite voulue de valeur d'occurrence cor- 25 
respondant e la fausse acceptation d'un Imposteur 

et le rejet par en-eur d*un utilisateur valide. 

20. Procede selon la revendication 19, dans lequel la 
predefinition de la probabilite voulue de la valeur 30 
d'occurrence comprend de plus la predefinition d'un 
ensemble d'instructions conduisant le dispositif de 
lecture e consulter le tableau stocke de probabilite 

de valours d'occurrence de score seuil de corres- 
pondence correspondent e la fausse acceptation 35 
d'un imposteur et au rejet par erreur d'un utilisateur 
valide et correspondent d la probabilite voulue de 
valeur d'occurrence. 

21. Precede selon la revendication 20, dans lequel 40 
I'authentification automatique comprend de plus la 
selection automatique de score seuil de correspon- 
dence correspondent e la fausse acceptation d'un 
imposteur et au rejet par en-eur d'un utilisateur va- 
lide, ce qui fait que pour un taux voulu d'acceptation 45 
par erreur, une valeur de con-espondance entre les 
infomiations biometriques stockees et I'echantillon 
biometrique atteint au moins un niveau predetermi- 
ne, et que pour un taux voulu de rejet par erreur, la 
valeur de correspondence se situe au-dessous d'un so 
niveau predetermine. 

22. Precede selon la revendication 1, dans lequel 
rauthentification automatique comprend de plus 
I'authentification automatique de I'utilisateur par s$ 
une application associee au dispositif de lecture. 

23. Precede selon la revendication 22, dans lequel 



26. Precede selon la revendication 25. dans lequel 
I'authentification automatique comprend de plus 
I'authentification automatique de I'utilisateur par 
une application resident au moins en partie dans la 
carte e memoire. 

27. Systeme d'authentification d'un utilisateur de carte 
e memoire au niveau d'un dispositif de lecture, qui 
comprend : 

• un moyen de stockage de champs d'informa- 
tions relatifs ^ I'utilisateur sur la carte e memoi- 
re, les champs d'informations comprenant des 
informations biometriques relatives e rutiiisa- 
teur et un tableau de probabilite predefinie de 
valeurs d'occurrence permettant I'authentifica- 
tion de I'utilisateur ; 

• un moyen de presentation de la carte k memoi- 
re et d'un echantillon biometrique relatif e I'uti- 
lisateur au dispositif de lecture ; et 

• un moyen d'authentification automatique de 
I'utilisateur, au moins en partie sur la base du 
niveau de correspondence entre les informa- 
tions biometriques stockees et I'echantillon bio- 
metrique presente, 

• un moyen de calcul d'un niveau de correspon- 
dence entre: 

(a) les informations biometriques relatives 
e i'utilisateur et stockees sur la carte e me- 
moire, et 

(b) I'echantillon biometrique relatif e i'utili- 
sateur que I'on presente au dispositif de 
lecture ; 

caracterise par 

le fait que ledit moyen de stockage des 
champs d'informations concernant le tableau 
de probabilite predefinie de valeurs d'occurren- 
ce penmettant I'authentification de Tutilisateur 
assigne de plus automatiquement une proba- 
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bilit6 de vateur d'occurrence d chacun des sco- 
res seuiis de correspondance pr^deflnis parmi 
une plurality d'entre eux ; 
un moyen de programmatton du dispositif de 
lecture d Taide : s 

(a) d'une probability voulue de valeur d'oc- 
currence et 

(b) d'un ensemble d'instructions condui- 
sant le dispositif de lecture d consulter le io 
tableau stocks sur la carte d mdmoire afin 
d'obtenir le score seuil de correspondance 
correspondant d la probability voulue de 
valeur d'occurrence ; 

15 

un moyeri de comparaison du niveau calcule 
de correspondance au score seuil de corres- 
pondance que Ton obtient d partir du tableau 
stocky sur la carte d mymoire ; et 
Tutilisateur ytant authentifie si le niveau calcule 20 
de correspondance est sup^rieur au score seuil 
de con-espondance obtenu d partir du tableau 
stocky sur la carte ^ mymoire. 



dispositif de lecture. 

34. Systyme salon la revendication 33, dans lequel le 
dispositif de lecture est associy d un terminal. 

35. Systynfte selon la revendication 34. dans lequel le 
terminal comprend de plus au moins Tun des yiy- 
ments suivants : un terminal y accys local, un ter- 
minal de ryseau infonmatique, un terminal y accys 
infonmatique, un terminal d valeur mymorlsye» un 
terminal y accys monytaire, un terminal PBX, un 
terminal yioigny, un ordinateur personnel, un ordi- 
nateur portatif, un assistant numerique personnel, 
un terminal Internet public, et un guichet automatl- 
que bancaire. 

36. Systyme selon la revendication 27, dans lequel le 
moyen d'authentification automatlque de Tutilisa- 
teur comprend de plus une application associye y 
la carte y mymoire. 



28. Systyme selon la revendication 27. dans lequel le 25 
moyen de stockage des champs d'informations 
comprend de plus une application se trouvant dans 

la carte y mymoire. 

29. Systeme selon la revendication 28, dans lequel Tap- 30 
plication se trouvant dans la carte y mymoire com- 
prend de plus une application se trouvant dans un 
microprocesseur de la carte y mymoire. 

30. Systyme selon la revendication 29, dans lequel le 35 
moyen de prysentation de la carte y mymoire et de 
rychantillon blomytrique comprennent de plus un 
dispositif de lecture associy y un terminal. 

31. Systyme selon la revendication 30, dans Jequei le 40 
moyen de prysentation de la carte y mymoire et de 
rychantillon blomytrique comprend de plus une ap- 
plication associye au dispositif de lecture. 

32. Systyme selon la revendication 31 . dans lequel le 45 
terminal comprend de plus au moins I'un des yiy- 
ments suivants : un terminal y accys local, un ter- 
minal de ryseau Infonmatique. un terminal y accys 
infonnatique, un terminal y valeur mymorisye, un 
terminal y accys monytaire, un terminal PBX, un so 
terminal yioigny, un ordinateur personnel, un ordi- 
nateur portatif, un assistant numyrique personnel, 

un terminal Internet public, et un guichet automati- 
que bancaire. 

55 

33. Systeme selon la revendication 27, dans lequel le 
moyen d'authentiflcation automatique de I'utilisa- 
teur comprend de plus une application associye au 
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